UNIFIED MEETING 5 SECURITY WHITEPAPER INTERCALL.COM


As organizations unlock the true potential of meeting over the web as an alternative to costly and time-consuming travel, they do so in the face of great political and economic change. All organizations using web and audio conferencing need to be confident that their presentations and meetings are protected. Whether meeting internally or with trusted external parties, it is important for meeting participants to be able to collaborate and share sensitive corporate information freely yet securely, within the confines of strict firewall protection.

With these goals in mind, Unified Meeting 5 was developed to be secure by design, providing users with high-level security throughout all phases of conferencing, presentation storage, delivery and collaboration. Security applies to Unified Meeting 5 in four ways, through:

- Access Security
- Session Management
- Content Security
- Secure Application Design

This paper describes how security controls are effectively used to protect organizations using Unified Meeting 5. It includes discussions of how Unified Meeting 5 provides standard security protocols at the account and presentation levels, and additional security options such as Secure Sockets Layer (SSL) 128-bit encryption and firewall transparency.

Main Benefits

Moderators and presenters install the Unified Meeting 5 application, which can be deployed organization-wide via MSI. The MSI file can be evaluated by an organization's system administrators and used with any configuration management system. Using the MSI, Unified Meeting 5 can be remotely installed on users' desktops within the controlled environment of the organization.

Participants have the option of installing the application or using a secure client that is 100% browser based.

All Unified Meeting 5 features are firewall transparent, meaning that the system adapts to the security policies of firewalls for which regular web browsing is enabled. Unified Meeting 5 does not try to circumvent firewall security policies.

Unified Meeting 5 uses HTTPS on port 443.

Access Security

Unified Meeting 5 uses industry-standard security protocols at the account and presentation levels.

Access Security Features

Audio Leader PIN

Every account holder is assigned a strong web password and a Personal Identification Number (PIN). The web password allows you to install the client portion of Unified Meeting 5 on your computer. The installation will also automatically attach to Outlook installed on the computer to add a button that allows you to schedule web and audio meetings. The audio leader PIN lets you authenticate yourself to the audio system to ensure you are the moderator. Both the web password and audio leader PIN should be kept confidential. Consecutive attempts to enter an invalid password or PIN while trying to access either web or voice portions of a meeting will result in a lock on the account.

Participant Identification

Moderators may require their attendees to identify themselves upon entering a meeting. When attendees enter the participant ID, they announce their web presence to the moderator.

Moderator Dial-Out

The moderator can dial out to participants instead of having them dial into the meeting. This allows moderators to validate the participant and control the dissemination of meeting numbers.

Locking the Door

Moderators may lock the door to a meeting. Participants trying to enter the audio and/or web portion of a meeting go into a virtual waiting room where they wait to be greeted and admitted by the moderator. The moderator can admit participants in the waiting room via the telephone keypad (DTMF command) or the web interface.

Dismissing Participants

A moderator can quickly dismiss an individual or all participants from a Unified Meeting 5 session. When a participant is dismissed, that person is dismissed from both the audio and web portions of the meeting.

Session Management

Session Management Features

Session Timeout

Unified Meeting 5 sessions will time out after 30 minutes of inactivity. After 30 minutes, the account is logged out, but this action does not affect meetings in progress.

End of Meeting

When a moderator ends a meeting, participants are automatically dismissed from the web portion of the meeting and the moderator can optionally choose to dismiss audio participants from the voice portion of the conference.

Randomly Generated Session Management Values

Unified Meeting 5 uses a randomly generated token, chosen from 42 billion possible combinations and stored as a session (non-persistent) cookie, to identify a logged-in account holder. It is needed to authenticate your credentials with the backend servers. When the Unified Meeting 5 session is terminated, both the cookie and the token disappear. Participants require the same token on a session cookie to access a meeting.

Content Security

Unified Meeting 5 allows organizations to go beyond access security and offers multiple levels of content security that are designed to suit the needs of the organization.

Content Security Features

SSL Encryption

Unified Meeting 5 offers 128-bit Secure Sockets Layer (SSL) encryption for all login and password information, and application sharing. This option provides the same level of security used by online financial institutions. You need the same session management token for reaching a meeting as you would to access any content from Unified Meeting 5 servers.

Database

Unified Meeting 5 databases are not publicly addressable. Only machines within its data center with IP addresses that are on an access list can reach them. Authentication for this data is enabled on the table level. That means someone without the proper credentials cannot query against the database, even if they have gained access to the machine.

Secure Application Design

Secure Application Design Features

Operating Systems

Unified Meeting 5 is based on standard web server technology (Linux servers) and proprietary servers developed from the ground up. They are built specifically to meet the demands of online conferencing. All servers are locked down using best practices, as well as proprietary security measures.

Testing Fields and Processes

All user input fields are checked for validation and length restrictions. All processes are extensively tested before being put into production.

Security Event Logging and Archiving

Security logs are recorded and archived for all components.

System Development Life Cycle (SDLC)

Security is designed and applied from the ground up and throughout the development and product life cycle.

Change Management

Implementation and rollback plans are mapped out in detail before any changes are made. Releases follow a formalized product release cycle and are thoroughly tested on pre-production servers to ensure that upgrades do not affect functionality or meeting data.

Web Specific Application Standards

Encryption

By design, no confidential information is available in either URL or HTTP headers. Using SSL, all confidential customer information is sent fully encrypted.

World-Class Infrastructure

Unified Meeting 5 offers a distributed architecture where several geographically dispersed and load balanced servers allow for managing content, sharing applications, and controlling codes. This enables Unified Meeting 5 to scale beyond single server systems. Unified Meeting 5's reliability and security are further enhanced by the use of first-tiered Internet Data Center (IDC) service providers with co-location agreements throughout the world. Most IDC partners supporting Unified Meeting 5 are ISO certified or SAS 70 Type II audited and operate state-of-the-art facilities offering these features:

- 24/7 security-controlled access (i.e., guards, cameras, motion sensors, etc.)
- 100% guarantee of uninterrupted power supply via the N + 1 standard
- Raised floors
- Line sensor water detection system
- HVAC temperature-control systems with separate cooling zones
- Seismically braced racks (where applicable)
- Redundant subsystems (i.e., fiber cables, power supply)
- Smoke detection and fire suppression systems

Third-Party Operational Control Security Standards

Administrative Procedures

Various first-tiered IDC service providers host Unified Meeting 5 Internet data centers. Companies such as COLT Telecommunications, Savvis Communications, and PacNet provide the physical environment necessary to keep Unified Meeting 5 servers up and running at all times. Within these facilities, Unified Meeting 5 can deliver the highest levels of reliability through a number of redundant systems, such as multiple fiber trunks coming into each IDC from multiple sources, fully redundant power on the premises, and multiple backup generators. There is also around-the-clock systems management with onsite personnel trained in the areas of networking, Internet, and systems management. The result is a physical and technical environment affording customers the reliability and security that they need.

Data Backup

Nightly backups are performed on all database information. This data is encrypted and stored offsite for long-term storage purposes. No customer uploaded content is backed up or stored outside our infrastructure. No back-up tapes are used to store data.

Disaster Contingency and Business Resumption Plans

Unified Meeting 5 promotes a culture of security and reliability that manifests itself in resilience procedures that account for even the most exceptional disruptions.

Disaster Contingency Plans

MONITORING AND MAINTENANCE

Unified Meeting 5 provides constant system monitoring, with random testing of pagers and alert procedures for response times. There is also regular capacity reporting and planning, plus preventative maintenance programs. Every quarter, system failures are simulated to test recovery processes.

OFFSITE BACKUP STORAGE

All database and customer content is replicated within and between our IDCs for disaster recovery purposes. If a customer deletes their content, it will also be deleted in the replicated repository.

Warm/Hot Sites

Unified Meeting 5 employs a multi-redundant site architecture that enables the capability of switching from a failed data center to another in case of disaster. If a Unified Meeting 5 conference server experiences failure, the meeting can be restarted and the system will automatically relocate to a different server and/or data center.

Business Continuity Planning

All critical customer transactions benefit from existing backup, redundancy, and recovery programs. On request and on a limited basis, some components of the infrastructure can be dedicated to specific customer needs.

Redundancy and Fail-Over Procedures

All Unified Meeting 5 servers and communications lines are redundant and located throughout its multi-site international infrastructure. In case of localized failure, Unified Meeting 5 will re-route new meetings to another data center.

Internet Infrastructure Security Standards

Firewall Compatibility

Unified Meeting 5 is a firewall-friendly program but will not function correctly if a client-side firewall blocks access to Unified Meeting 5 IP addresses or filters JavaScript. Unified Meeting 5 is designed to be compatible with any firewall/proxy configurations that allow users to browse the web using HTTPS over port 443.

Note: Unified Meeting 5 only requires outbound connections on port 443. Inbound connections are not required and never attempted. Please see the Error! Reference source not found. section for more information on the usage of ports in the Unified Meeting 5.

Host/Network Intrusion Detection Systems Compatibility

Unified Meeting 5 uses industry standard tools for host/network monitoring, as well as proprietary controls for improved intrusion detection. At the meeting level, all connections to Unified Meeting 5 are identified and listed in the moderator interface, and the moderator always has power to disconnect any unauthorized connection, as well as the ability to lock the conference to limit further access.

Standards for Third-Party Hosted Internet Infrastructure Applications or Services

FIREWALLS

All Unified Meeting 5 servers are protected by firewalls and carefully monitored for intrusion.

REAL-TIME ALARMS

All Unified Meeting 5 servers and devices are capable of raising real-time alarms in the case of failure or intrusion detection. Network operations centers are staffed at all hours to respond to alarms.

METHODS FOR SECURITY EVENT LOGGING AND ARCHIVING BY COMPONENT

Unified Meeting 5 monitoring tools produce continuous logs of transactions/events.

ONGOING THIRD-PARTY CERTIFICATION PROGRAMS

Annual security assessments, Network Vulnerability and Web Application Penetration Tests, of the production network and infrastructure of Unified Meeting 5 facilities are conducted by qualified third parties and certifications have been received to confirm that the production network supporting the Unified Meeting 5 platform is free of all known material security vulnerabilities.
